Bug 1094953: Ensure that GetGlobalJSObject on the native global does not return null in nsXPCWrappedJSClass::DelegatedQueryInterface. r=bholley
author Bob Owen <bobowencode@gmail.com>
Mon, 09 Feb 2015 19:55:57 +0000
changeset 228148 46627b312b8d228592b7a9b67ef057fcf0a3cbb2
parent 228147 075d31f8da0e1c5c274b7d7684cf16333738dc21
child 228149 c915d1a940963b6298ef6f563ec170d8c833ee98
push id 55343
push user bobowencode@gmail.com
push date Mon, 09 Feb 2015 20:52:18 +0000
reviewers bholley
bugs 1094953
milestone 38.0a1
js/xpconnect/src/XPCWrappedJSClass.cpp
--- a/js/xpconnect/src/XPCWrappedJSClass.cpp
+++ b/js/xpconnect/src/XPCWrappedJSClass.cpp
@@ -503,18 +503,23 @@ nsXPCWrappedJSClass::DelegatedQueryInter
     // We can't have a cached wrapper.
     if (aIID.Equals(NS_GET_IID(nsWrapperCache))) {
         *aInstancePtr = nullptr;
         return NS_NOINTERFACE;
     }
 
     // QI on an XPCWrappedJS can run script, so we need an AutoEntryScript.
     // This is inherently Gecko-specific.
+    // We check both nativeGlobal and nativeGlobal->GetGlobalJSObject() even
+    // though we have derived nativeGlobal from the JS global, because we know
+    // there are cases where this can happen. See bug 1094953.
     nsIGlobalObject* nativeGlobal =
       NativeGlobal(js::GetGlobalForObjectCrossCompartment(self->GetJSObject()));
+    NS_ENSURE_TRUE(nativeGlobal, NS_ERROR_FAILURE);
+    NS_ENSURE_TRUE(nativeGlobal->GetGlobalJSObject(), NS_ERROR_FAILURE);
     AutoEntryScript aes(nativeGlobal, /* aIsMainThread = */ true);
     XPCCallContext ccx(NATIVE_CALLER, aes.cx());
     if (!ccx.IsValid()) {
         *aInstancePtr = nullptr;
         return NS_NOINTERFACE;
     }
 
     // We support nsISupportsWeakReference iff the root wrapped JSObject
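Review bot: The two added `NS_ENSURE_TRUE(..., NS_ERROR_FAILURE)` early returns leave `*aInstancePtr` untouched, while the failure paths directly before and after them in this hunk both set `*aInstancePtr = nullptr;` before returning. Suggest nulling the out-parameter on the new paths as well, so a caller that does not check the nsresult cannot pick up a stale pointer. The new paths also return NS_ERROR_FAILURE where the neighbouring ones return NS_NOINTERFACE; if that difference is deliberate, a word in the comment would help. Finally, the added comment's "there are cases where this can happen" does not say what "this" is; naming the condition (GetGlobalJSObject() returning null on the native global, per the commit title) would make it readable without opening the bug.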